Re: [Lit.] Buffer overruns

From: Brian Inglis (Brian.Inglis_at_SystematicSW.Invalid)
Date: 02/01/05


Date: Tue, 01 Feb 2005 14:55:12 GMT

On Tue, 1 Feb 2005 01:57:28 +0000 (UTC) in alt.folklore.computers,
daw@taverner.cs.berkeley.edu (David Wagner) wrote:

>infobahn wrote:
>>Yeah, okay, that bastion of knowledge about computer programming,
>>the daily rag. Fine. Let's just assume that they've reported
>>something right, for a change. I mean, yes, it could happen.
>>
>>But what about all the non-buffer-overrun bugs that they are not
>>reporting? I think you forgot about those.
>>
>>Or do you have some evidence that attacks on such bugs do not happen,
>>or are significantly less frequent than buffer overrun attacks?
>>
>>If so, do you have an accredited source for that evidence that's
>>just a touch more convincing than a daily newspaper?
>
>Ask, and ye shall receive. I generally try to answer technical questions
>to the best of my ability whenever I can. (Sometimes even when they are
>cloaked in a layer of sarcasm!)
>
>Sure, I can point you to some work that attempts to quantify the rate
>of different kinds of security holes:
>
>Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
>http://www.cse.ogi.edu/~crispin/discex00.pdf
>
>A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
>http://www.cs.berkeley.edu/~daw/papers/overruns-ndss00.pdf
>
>These papers examined vulnerability reports to CERT or bugtraq and
>counted the relative ratio of buffer overruns to other kinds of security
>holes. They reported rates on the order of 50%: something like half of
>all reported vulnerabilities blamed on buffer overruns. So the data
>supports Paul Rubin's claim about the prevalence of buffer overruns.
>
>Keep in mind that those studies are now 5 years old, and the ratio has
>probably changed with time. Anecdotally, I believe buffer overruns still
>account for a large proportion of the worst security holes we have to deal
>with, even today. However, I don't have exact numbers for you. If you are
>curious, you could perform your own analysis: there is plenty of data out
>there (bugtraq, CVE, CERT reports, etc.), and all it would take is a bit of
>data gathering and data analysis.
>
>I hope this helps answer your question.

What percentage of those are IE, OE, or other MS products, or written
in C++ or VB?

-- 
Thanks. Take care, Brian Inglis 	Calgary, Alberta, Canada
Brian.Inglis@CSi.com 	(Brian[dot]Inglis{at}SystematicSW[dot]ab[dot]ca)
    fake address		use address above to reply

